Remote Access systems for consumer vehicles have become a popular, if not essential, feature of most vehicles sold today. Nearly every vehicle on the market for the past several years has included some form of keyless entry as either a standard feature or add-on option. Consumers with older vehicles without remote access systems have been able to retrofit their vehicles with aftermarket systems.
The technologies behind these systems have evolved rapidly with remote systems moving from low security fixed codes with simple transmission schemes to high security encrypted rolling codes with advanced transmission protocols. Developers of these systems, both OEM and aftermarket, have been constantly refining and improving their offerings to take advantage of improvements in technology. Over time, the numerous designs and platforms, coupled with rapidly changing security technologies, have resulted in a great variety of remote devices and systems that are almost universally incompatible across vehicle brands or makes and even between different year and models of vehicles. Several problems exist with currently available OEM keyless entry remote devices.
First, retailers and resellers of vehicle remote devices must stock a large number of remote device stock keeping units (“SKU”) to cover the breadth of vehicle makes, models, and years. Vehicle manufacturers may have a diverse range of remote devices among their models or they may be homogeneous in general but vary in small cosmetic changes like buttons or model labeling. This problem is compounded by the fact that many remote devices have very similar appearance but are not functionally interchangeable for a given car model or year. Resellers must maintain detailed compatibility databases and cope with end user confusion about which remote device can be paired with their car.
Second, replacement remote devices for those lost or damaged are typically proprietary and very expensive and available from the original manufacturer only for a limited number of years after the manufacturer stops production of the particular vehicle model. Once this window closes it may become increasingly difficult for consumers to buy a new OEM remote device.
Third, many consumers own more than one vehicle and each vehicle may be a different make or model and may have its own keyless entry remote device that is not compatible with the other vehicles owned by the consumer. Managing two or more remote devices can be a nuisance and confusing if the remote devices feel or look similar but are incompatible.
Finally, the features and capabilities of a given OEM or aftermarket remote device are limited by the technologies of period it was produced. Many remote devices were designed with poor analog transmitters that lacked range or battery life. These remote devices may have used fixed or simple rolling codes in their protocol that limit their security margin.
Another challenge with OEM remote devices is that there are no enforced standards for implementing rolling code locking systems and remote devices. Remote keyless entry systems known in the art employ a wide range of schemes for generating the key sequences used by remote devices. There are several common data formats used in remote device RF radio transmissions and each type is typically referred to as a code. These code types include fixed codes, rolling codes, and encrypted rolling codes.
The first generation of keyless entry remote devices transmitted the same data pattern every time a key was pressed. This is referred to as a “fixed code.” The data is simple, and usually consists of an ID code and function code. For example, a fixed code remote device would generate a signal by combining an ID code of 01010 and a function code of 111, which when put together is sent or transmitted as 01010111. Other keys on the remote device might have function codes of 000, 001, 011, etc., but the ID code would be the same for each key, ex: 01010000. Most fixed code remote devices have a different ID code, but all units of a particular remote device model shared the same function codes. Increasingly, over time this type of code could easily be intercepted by an unauthorized person and replayed through a transmitter to gain unauthorized access to the vehicle.
To eliminate the replay vulnerability of fixed codes, the ID code was made longer, and made to change in a predefined number sequence every time a button was pressed, this is known as a “rolling code”. The ID number sequence was known to the remote device, and the car receiver. They merely had to be synchronized to the same point in the sequence, and the car would always know what code should come next in sequence from the remote device. However, this sequence is not a pre-stored list of numbers. The next number is generated by a mathematical formula that produces a known sequence of what appears to be random numbers. This approach provides a much greater level of security, as an attacker must exactly replicate the mathematical algorithm used to generate the numbers. The difficulty in recreating the original algorithm is easily increased by making the ID code longer, but this too can be subject to a replay attack.
An encrypted rolling code remote device encrypts the signal generated by the rolling code system before radio transmission, making it more difficult for an unauthorized person to analyze the rolling code content. Encryption schemes vary from vendor to vendor and usually include longer key sequences and specialized hardware to generate the encrypted key sequences. Keeping in mind that rolling code remote devices also increment their key sequences, many vendors also use elaborate algorithms to determine the amount by which the key sequence number will be incremented. Additionally, complex authentication schemes can be used between the remote device, the user's physical transponder key, and the RF base station in the vehicle to validate the key that was provided by remote device.
The use of multiple code schemes in the art makes it very challenging to create a device that is compatible with multiple makes and models of vehicle or with multiple remote devices. Furthermore, remote devices known in the art are typically frequency fixed. Frequency fixed remote devices cannot be reprogrammed to work optimally or at all at different transmission frequencies.
What is needed is a programmable and reconfigurable keyless entry remote device that solves the availability, security, and technical problems of existing OEM keyless entry remote devices.